<?php
	include 'includes/config.inc.php';

	if ($action && $username && $password) {
		$query = "select id from PHPAUCTION_users where nick='$username' and password='".md5($MD5_PREFIX.$password)."' and suspended=0";
		$res = mysql_query($query);

		if (mysql_num_rows($res) > 0) {
			$_SESSION['PHPAUCTION_LOGGED_IN']          = mysql_result($res, 0, 'id');
			$_SESSION['PHPAUCTION_LOGGED_IN_USERNAME'] = $username;
			session_name($SESSION_NAME);
            header('Location: index.php');
            exit;
		}
	}

	header('Location: index.php?err=1');
	exit;
?>